Implications for the End User of How You Design A Blockchain For Digital Identity
Implications for the end user of how you design a blockchain for digital identity
Convenor: Cara LaPointre
Note taker: Lara Fishbane
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
What are the decisions you make in building a blockchain that have implications for the end user?
Never put PII data on a blockchain, even if it’s encrypted
You can put a hash of the PII
Hashes are immune to quantum attacks
Cannot erase anything you put on the blockchain
Chance of protecting it
Hash can verify that it’s correct
How can the end user have access to the data?
Whole point of the blockchain is to make it immutable and accessible
What are ways that if you do have the data, is there any way to still make it transparent?
Can be reflected to them on a UI
Log into system, a lot of standardized ways
Person needs login credentials
Disaster relief mechanism
What information you need
Make sure that the end user gets the money
PII on the blockchain or link to it? Who are the nodes?
Does not allowing leakage
Do you even use a blockchain?
The distinction with a vulnerable population is that they might need to give data to access services.
In a disaster situation, you don’t have any choice.
What information specifically goes in there? How do you choose authenticators or validators?
Decentralized authority / infrastructure
Blockchain technologies in marginalized communities
The access problem is actually very important. If I am the doctor, I can override certain rights that people usually have. What I need to rule out is how this happens.
Record what’s been done. When has a doctor overridden your rights?
If you’ve decided that blockchain is it, then you need to decide which blockchain is it?
You have to make that decision too. Whoever is making the policy needs to have information about what types of blockchains there are.
Need to have person who understands security. Will a quantum computer break everything?
A system that looks at everyone. Literature or illiterate. System with trust built into it.
Identity to be documented, need trust protocol. Can’t even have agency. Has to have trust protocol.
Are there certain identifiers that would be more beneficial than others?
Not actually helpful if everyone has the same name. These are cultural questions. A lot of our thinking about what identity is -- states and identities for people co-arose. Taking identity to places where people aren’t related to the state.
Biometrics seem useful here.
Aren’t we putting too much identity information into one place?
Are biometrics able to be put on a blockchain?
What does the person need to prove that they own it? Don’t put public key, just put the hash of the public key?
What do people physically need to prove they own it? Private key.
Mechanism to recover private keys? A service to do it. Service doesn’t have to work in a second.
Authenticate in a second.
Key recovery → split into different places
iRespond is trying to support people
Individual has agency over record?
What exactly is in your digital identity universe? You choose what you want to transact out. Need to think about all these ways you want to
What is the minimum amount of identity?
Are there things that are easier to ensure?
Blockchain that sits on top of the situation that suits the conditions.
Concern to the emergency team.
→ Think about a few kind of templates or overruling logic
Opting out is possibly all a matter or transparency. Ruling out through regulation.
Implementation matters. If we use a service, we assume it’s private.
Same principle applies.
Public blockchain is anonymous. Decentralize for better transparency.
Public/private blockchain scenarios. Cut through different applications.
Probably not a bad idea. Recording somewhere.
There are some pieces of heathcare information that aren’t anyone’s business.
Understanding blockchain options. How do they apply?
How do you decide who the nodes are and what access they might have?
How does that affect the end user?
Will all the nodes have universal accessibility?
If you have a private blockchain and permissioned nodes, can everyone see all the information in it?
The whole point of decentralized is that you touch what you can see. Pretty much the whole concept is that you decide.
In general, it’s very difficult to see anything. The actual data isn’t really on the blockchain.
Technical decisions for the person you’re hiring and it’s much better not to do that.
Give it to contractor? Let them build a road. If you don’t want data to be seen, don’t put it on a blockchain.
Give tools to policymakers.
What you need to do is get an expert to go out and evaluate these things
Need to have a competition so you can go out and shoot down other people’s ideas
How do you protect the privacy of the end user is a good question, but it’s too early to ask more detailed questions. Can’t design a system. It’s too early.
Who has access, interactions, move the data, encryption?
If a quantum computer was invented and became easily accessible, what does it do to your design?